[Snort-users] http_decode-ignorehosts?

Martin Roesch roesch at ...421...
Mon Mar 26 20:03:55 EST 2001


It's in the latest CVS code; check it out or download
http://snort.sourceforge.net/snort-daily.tar.gz

   -Marty

Jeremiah Cruit-Salzberg - HQ wrote:
> 
> I'm new to this list so if this has been asked please excuse me (I looked
> through the archives and FAQ).
> 
> Is there a way to do something like the portscan-ignorehosts for http_decode
> (i.e., http_decode-ignorehosts)?  I'm having just a huge false positive hit
> showing up as IIS Unicode attack.  It comes from several of my customers who
> use AOL mail and that triggers the response.
> 
> Thanks for any help!
> 
> --j
> 
>                   .&&&&,&&&&.
>                    \  - -  /
>                    (  @ @  )
>    +------------oOOo-(_)-oOOo---+
>    | J Cruit-Salzberg             |
>    | Sr. LAN/WAN Engineer         |
>    | Casey Family Programs        |
>    | j at ...1642...                |
>    +------------------Oooo------+
>               oooO   (   )
>              (   )    ) /
>               \ (    (_/
>                \_)
> 

--
Martin Roesch
roesch at ...421...
http://www.snort.org



